New OS X Tibet malware variant surfaces
This is a very focused attack. The Tibet Malware is a classic Trojan horse for the OS X operating system and is being distributed to specific Uyghur activist groups. This seems to be a politically motivated Advanced Persistent Threat that involves a group of people. The Dalai Lama is a known Mac user and regularly participates in conference calls and other online business. The malware is being distributed in emails to certain Mac users through a zip file. When the file is opened, an image and a text file appear that resemble a standard OS X application, so you think you are running a standard program, but you are installing the malware. The malware is monitored from a command and control server in China, which allows the hackers remote access to issue local commands. The Tibet Malware is a Java exploit similar to the Flashback attack.
Many Mac users rely on security by obscurity because they are not the primary computer market and attackers will achieve less success there. But this attack is very concentrated: this group knows that the Dalai Lama is a Mac user, and they are politically focused on China. So other Mac users are unfortunately getting targeted because of this political attack. Security by obscurity has no ground to stand on; there are no controls in place to protect your computer with this method, one just counts on being in the minority and therefore typically safe. But as we can see in this example, if someone becomes a target, no one else is safe. The Dalai Lama probably has much stronger controls in place than the rest of the Mac users in China since he is working on government work. The Mac users in China need to have virus protection, however rarely history shows Macs getting hit by hackers.
Also, the file that contains the malware is Matiriyal.zip; this does not sound like a Mac program and users should research before downloading. I am not sure about Macs, as I am a PC user, but typically when you are downloading a program or application it has an .exe extension, not a zip file. So the file name and extension should cause concern, and the computer user should do some research to keep their computer safe before they download this program, especially if they are practicing security by obscurity.
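The post's point is that a zip attachment whose contents pose as an image or text file deserves a look before anything in it is opened. As an added illustration (not code from the original post, and not derived from the real Matiriyal.zip, whose contents are not on this page), the script below inspects an archive in memory and flags entries that a harmless "image and text file" attachment should not contain: files inside a `.app` bundle, files whose bytes start with a Mach-O executable header, and files with an inert extension but the Unix execute bit set. The sample archive it builds is constructed for the demonstration; the entry names and the 32-byte Mach-O header stub are assumptions.

```python
import io
import os
import zipfile

# Magic numbers of Mach-O executables (32/64-bit, both byte orders) and of
# "fat" universal binaries.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}

# Extensions a reader expects to hold inert data; an executable behind one of
# them is the "looks like an image or text file" trick the post describes.
INERT_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc", ".rtf"}


def inspect_zip(data):
    """Return (entry name, reason) pairs for entries that look like disguised executables.

    `data` is the raw bytes of a zip archive; nothing is extracted to disk.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.lower().split("/")
            ext = os.path.splitext(parts[-1])[1]
            with zf.open(info) as fh:
                head = fh.read(4)            # only the header is needed
            is_macho = head in MACHO_MAGICS
            # The high 16 bits of external_attr carry the Unix mode when the
            # archive was built on macOS/Linux; 0o111 are the execute bits.
            exec_bit = bool((info.external_attr >> 16) & 0o111)

            if any(p.endswith(".app") for p in parts[:-1]):
                findings.append((name, "inside a .app bundle"))
            if is_macho and ext in INERT_EXTENSIONS:
                findings.append((name, "Mach-O executable disguised as " + ext))
            elif is_macho:
                findings.append((name, "Mach-O executable"))
            if exec_bit and ext in INERT_EXTENSIONS:
                findings.append((name, "executable bit set on " + ext + " file"))
    return findings


def looks_like_trojan_archive(data):
    """True if the archive holds anything an image-or-text attachment should not."""
    return bool(inspect_zip(data))


def build_sample_zip():
    """Constructed sample archive (assumed contents, not the real Matiriyal.zip):
    one benign text file, one Mach-O binary renamed to .jpg, and a small .app bundle."""
    macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 28   # 64-bit little-endian header stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("materials/notes.txt", "Agenda for the meeting")
        for path, payload in [
            ("materials/photo.jpg", macho),
            ("materials/Viewer.app/Contents/MacOS/Viewer", macho),
        ]:
            zi = zipfile.ZipInfo(path)
            zi.external_attr = 0o100755 << 16      # -rwxr-xr-x, as macOS would store it
            zf.writestr(zi, payload)
        zf.writestr("materials/Viewer.app/Contents/Info.plist", "<plist/>")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_zip(build_sample_zip()):
        print(f"{entry}: {reason}")
```

The check deliberately reads only the first four bytes of each entry and never writes anything to disk, so it can run on an attachment before the user double-clicks it; a mail gateway could apply the same `looks_like_trojan_archive` test to quarantine archives rather than relying on the recipient to notice an odd file name.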
Microsoft identifies two Zeus botnet crime ring suspects
The Zeus botnet ring used software to show fake or modified websites that resembled banking sites. When victims logged in, their keystrokes were logged to capture identity information, and the ring stole victims' money with this information. Microsoft has taken down many botnets in the past 3 years and Zeus is the 4th one added to its list. With Zeus they did not shut it down right away because they wanted to get valuable information on where the infected computers were located and to find the people behind the scheme. The Rustock botnet that Microsoft took down last year cut down a third of the world's spam.
This breach occurred because computer users put their login information into unsecured websites. You should never click on a link in an email from your bank and type in your login information. You should always type in the web address yourself and make sure that you have an https:// connection. This is just a problem with the public being lazy and ignorant. The only thing that IT security people can do is to continually try different variations of their website and try to shut down fake ones, but it is ultimately the job of the bank customer to keep their information secure.
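The advice above, "type the address yourself and make sure it is https://", can be turned into a mechanical check that a user, a mail filter, or a bank's anti-phishing team can run on links found in e-mail. The following example is added here and is not from the original post; the bank and attacker domains (`mybank.example`, `attacker.example`, and so on) are constructed placeholders. It accepts a link only when the scheme is https and the host is the bank's real domain or a subdomain of it, and it names the reason for refusing the common lures: plain http, a bank name placed before an `@` so the browser actually connects elsewhere, an internationalized host that can carry look-alike characters, and hosts that merely contain the bank's name.

```python
from urllib.parse import urlsplit


def check_bank_link(url, trusted_domain):
    """Classify a link from an e-mail against the bank's real domain.

    Returns (accepted, reason). A link is accepted only if it uses https and its
    host is exactly `trusted_domain` or a subdomain of it; everything else is
    refused with the reason.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, "not an https:// link"
    if parts.username is not None:
        # "https://mybank.example@attacker.example/" shows the bank name first,
        # but the browser connects to the host after the @.
        return False, "credentials embedded before @; real host is " + (parts.hostname or "")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in link"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized host (possible look-alike characters)"
    trusted = trusted_domain.lower()
    if host == trusted or host.endswith("." + trusted):
        return True, "host belongs to " + trusted
    if trusted in host or trusted.split(".")[0] in host:
        return False, "look-alike host " + host + " is not " + trusted
    return False, "host " + host + " is unrelated to " + trusted


def triage_links(urls, trusted_domain):
    """Return the subset of `urls` that should not be followed, with reasons."""
    refused = []
    for url in urls:
        ok, reason = check_bank_link(url, trusted_domain)
        if not ok:
            refused.append((url, reason))
    return refused


# Constructed sample links (placeholder domains, no real bank or attacker).
SAMPLE_LINKS = [
    "https://online.mybank.example/login",
    "http://online.mybank.example/login",
    "https://mybank.example.login-verify.example/",
    "https://mybank.example@attacker.example/login",
    "https://xn--mybnk-lta.example/login",
    "https://secure-mybank.example/",
]

if __name__ == "__main__":
    for url, reason in triage_links(SAMPLE_LINKS, "mybank.example"):
        print(f"REFUSE {url}: {reason}")
```

The `trusted_domain` value must come from the customer's own knowledge of the bank's address (or a list the bank publishes), never from the e-mail itself; the whole point of the check is that the link is compared against something the attacker did not write.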